
phpBB Security

I was browsing through a huge list of Forum packages and came across one that appealed to me the most.
Are there any security flaws or exploits in phpBB 2.04 that I need to concern myself with, and how would I test these flaws and exploits to see if they work, and mostly, how do I fix them?

Also, I would recommend upgrading to phpBB 2.0.6 and just keep a watch on their site for patches and updates.
Someone else will probably be able to help more on the security, but if you keep it up to date, that is a start.

You could check the site; I'm sure they have known bugs. Maybe even ask other users who use it. There is never any way of knowing every bug in software.

And then it happened... a door opened to a world... rushing through the phone line like heroin through an addict's veins, an electronic pulse is sent out, a refuge from the day-to-day incompetencies is sought... a board is found. "This is it... this is where I belong..." I know everyone here... even if I've never met them, never talked to them, may never hear from them again... I know you all...

There are workarounds available for all of these vulnerabilities. The most serious are CAN-2003-0486, which would allow an attacker to steal the hash of the password for the admin user, and BID-7932, which allows an attacker to run arbitrary code.
